NutriBullet website hit by Magecart hackers

News
By
published

Website breached multiple times with customer data stolen

(Image credit: Shutterstock.com)

Hackers have been able to break into NutriBullet’s website multiple times during the last few months, new research has found.

Known as Magecart Group 8, the group were able to inject malicious credit card-skimming malware on the blender maker's site. The criminals were able to get hold of personal details like card numbers, names, billing addresses, expiry dates and card verification numbers.

The attacks began on February 20, and could still be continuing today, although NutriBullet says it removed the malicious code from its site.

NutriBullet attack

According to security firm RiskIQ, the hackers were able to attach a card skimming tool to a javascript code library on NutriBullet’s website.

The data collected was shared to a server operated by these hackers to then be sold on the dark web. RiskIQ claims that its researchers had been trying to contact NutriBullet for over three weeks, but did not get a response. 

Yonathan Klijnsma, Head of research of RiskIQ, urged users not to use or shop on NutriBullet’s website till the company fixes the vulnerabilities and acknowledges their outreach.

NutriBullet’s chief information officer Peter Huh admitted its website had experienced intrusion and that the company will be working with the cyber-forensic research team to investigate. He, however, did not confirm if impacted users will be informed about the data breach.

This hacking group is said to have been able to hack over 200 websites using a similar method, having previously attacked companies like Amerisleep, Ticketmaster, British Airways, the American Cancer Society, Newegg and MyPillow.

There are eight known Magecart hacking groups and all of them work with an independent motive, “Their preferred tactic is focusing on individuals victims, avoiding the ‘shotgun approach’ many other Magecart groups take. The group 8 attackers and skims specific sites they seem to cherry-pick for a particular purpose.” RiskIQ said.

Via: TechCrunch

Jitendra Soni
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Latest in News
Apple's Craig Federighi demonstrates the iPhone Mirroring feature of macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.
Report: iOS 19 and macOS 16 could mark their biggest design overhaul in years – and we have one request
Google Gemini Calendar
Gemini is coming to Google Calendar, here’s how it will work and how to try it now
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
Apple iPhone 16e
Which affordable phone wins the mid-range race: the iPhone 16e, Nothing 3a, or Samsung Galaxy A56? Our latest podcast tells all
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
More about security
botnet

YouTubers targeted by blackmail campaign to promote malware on their channels
A hacker wearing a hoodie sitting at a computer, his face hidden.

Experts warn this critical PHP vulnerability could be set to become a global problem
The Deepal EO7 from the side, an SUV and pick-up truck combo

I drove an electric SUV that transforms into a pick-up, and it’s as fun as it is functional
See more latest
Most Popular
Google Gemini Calendar
Gemini is coming to Google Calendar, here’s how it will work and how to try it now
Ryzen AI Max+ 395
Race to launch most powerful AI mini PC ever heats up as GMKTec confirms Ryzen AI Max+ 395 product for May 2025
Apple iPhone 16e
Which affordable phone wins the mid-range race: the iPhone 16e, Nothing 3a, or Samsung Galaxy A56? Our latest podcast tells all
Apple's Craig Federighi demonstrates the iPhone Mirroring feature of macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.
Report: iOS 19 and macOS 16 could mark their biggest design overhaul in years – and we have one request
Whirlwind I Computer
Happy birthday, Director! The first operating system in the world turns 70 today
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
Tesla Model 3
Tesla's EV sales are plummeting – as used Model Y and Model 3 prices crash to bargain levels
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
A computer screen showing a spreadsheet in use.
This entire nation's public health department was found to be running on a single Excel spreadsheet
Person using Dyson V8 vacuum
Dyson vacuums have one big problem and I don't understand why